Method and device for encrypting a digital data stream in a transmission system



The invention relates to a method for encrypting a digital data stream in a
transmission system which has a transmitter for modulating a digital data stream and for
transmitting the modulated digital data stream, as well as a receiver for receiving the
modulated digital data stream and for recovering the digital data stream. In particular it
relates to a transmission system that carries out the modulation or encryption on the basis of
an orthogonal code. The invention also relates to such a transmission system.

The invention relates in particular to an encryption method that uses an
orthogonal code for the modulation.

The invention furthermore relates to a transmission system that can be used for
cordless as well as line-based networks. It can be used for single-carrier as well as
multi-carrier modulation. In cordless transmission systems, it can be used for systems with a
single antenna as well as for those with several antennae.

In the case of a transmission system in a cordless network, for example the
CDMA (Code Division Multiple Access) method is used. The CDMA method carries out a
division of the spectrum into a broad frequency band, referred to in the following as
"spreading". Two subscribers to the network who set up a connection use a particular code
for the modulation and demodulation of the data stream. The spreading process is illustrated
in Figure 1 for the prior art. Here, the digital data stream comprises a successive sequence of
symbols. Each symbol of the digital data stream d^(k) of the k-th connection (link) is multiplied
during the entire connection by the same spreading frequency or by the same spreading code
c^(k). The spreading code c^(k) has the length P, for example 8 bits. This multiplication yields the
spread signal which is expressed by the following equation (1):

Here, the spreading code c^(k) is expressed through the following vector (2):

c^(k) = [c_0^(k) c_1^(k) ... c_{P-1}^(k)]^T (2)

The vector stated in the equation (2) describes a spreading code c^(k) that is
composed of positive and negative rectangular pulses as well as zero values. Its period T_c is a
constant of P bits and expresses the duration of the validity of one of the elements c_0 to c_{P-1}.

If, as in the CDMA method, an orthogonal spreading code is used, the
spread signal s^(k) can be received by the k-th subscriber as a reception signal r^(k) and the digital
data stream can be recovered through correlation of the reception signal r^(k) with the same
spreading code c^(k) that was also used in the mixing. Establishment of the spreading code
takes place for example after connection set-up.

Since the CDMA method is used in networks in which different connections
can be set up simultaneously, numerous different spreading codes exist. Here, each
connection is assigned a different spreading code, so that the transmitted data can be decoded
only by the authorized recipient.

The number of spreading codes used in the CDMA method is limited; the
spreading codes themselves can be found out. During the entire data transmission from one
network subscriber to another, according to equation (1) only the one spreading code
established by the transmitting subscriber is used. This leads to the situation that data
streams that have been intercepted and stored by unauthorized receivers can be decoded
through correlation of the received spectrum with various orthogonal codes. Such
transmission systems are thus not secure against eavesdropping.

The patent application GB 2 331 207 A discloses a communication system that
uses orthogonal codes in the CDMA method. In particular, it relates to an orthogonal multiple
access system that divides the channels according to a hopping pattern of the orthogonal
code. Here, the transmitter has a first generator for the orthogonal hopping code, which has
an orthogonal code generator for producing the orthogonal code in accordance with a
hopping pattern, and a hopping controller that is connected to the orthogonal code generator
for producing the hopping pattern. In the case of one embodiment, the first generator for the
hopping orthogonal code includes a memory for storing the orthogonal code for the output in
accordance with the hopping pattern, and a hopping controller for producing the hopping
pattern and for outputting the hopping pattern to the memory. Through the fact that the
orthogonal codes for the encryption are filed in a memory and access to these orthogonal
codes can be effected rapidly, the speed of encryption is increased. The patent application GB
2 331 207 also acknowledges that in encryption systems, the security of the encrypted data is
higher, the more complex or varied the codes for the encryption are. For this reason, the
British patent application proposes, in one embodiment, a transmitter in which each channel
is assigned an orthogonal code comprising code symbols, which is used for the duration of
the transmission. These orthogonal codes differ in respect of the duration of the validity of
their code symbols, which in fact varies in relation to a data unit (bit) of the digital signal.
This means that the individual elements c_0^(k), c_1^(k) ... c_{P-1}^(k) of the P elements of a vector from
equation (2) have the same period of validity, but that this period of validity is different from
that of the elements of another connection. To put it another way, different orthogonal codes
have different hopping periods T_hop. Through the use of different orthogonal codes, which
differ in terms of the hopping time T_hop, for different channels an encryption function is
realized on the transmitter side, or a decoding function is realized on the receiver side;
however, this is aimed only at the overall communication system and not at the individual
channels, each of which is assigned a spreading code that is to be used constantly. The
orthogonal codes are produced by a Hopping Code Generator (HCG) in accordance with a
hopping pattern that can be selected by the hopping controller. The hopping time of an
individual orthogonal code can be shorter than the duration of a data unit, identical to the
duration of a data unit, or an n-multiple of the length of a data unit, where n is a whole
number.

The international patent application WO 02/056517 A1 discloses a method for
operating a CDMA communication system, which in a coverage area of a base station assigns
one spreading code out of a number of spreading codes to individual subscribers of a number
of subscriber stations, and which then during transmission periodically hops between the
spreading codes within the cell, and in fact within the quantity of spreading codes. So that at
any given time, no two subscriber stations are working with the same spreading code, all
subscribers are registered in a table containing the FN codes, with the subscribers being
offset relative to one another. Within the table, the subscribers are moved to the same extent,
so that they hop from one code to another whilst retaining their offset. Thus each subscriber
works within the cell for a predetermined time segment with a different FN spreading code.
The step of periodic hopping preferably changes from the currently-used spreading code to
the next spreading code at a symbol rate or a multiple of the symbol rate. The system can be
one with a fixed data rate or with a variable data rate. What is decisive here is that all
subscribers registered in the table are moved to the same extent, so that their offset is
maintained and it is thus ensured that each subscriber works with a different spreading code.
In order to ensure this, the allocation of the spreading codes and of the pattern for the
hopping takes place in a centralized and co-ordinated manner. The pattern for the hopping is
established and is known to every subscriber, so that it is ensured that the distance between
the subscribers in the table is maintained. By hopping from the currently-used spreading code
to another spreading code, any interference that may be present between two subscribers is
reduced.

It is an object of the present invention to define a method for encrypting a 
digital data stream in a transmission system that uses orthogonal codes for the modulation, 
which increases the security of the data stream against eavesdropping. It is furthermore an 
object of the invention to define a method for decoding a digital data stream that has been 
transmitted encrypted. It is furthermore the task of the invention to define a device for 
carrying out such a method. It is furthermore an object of the invention to define such a 
transmission system for a digital data stream that uses orthogonal codes for the modulation, 
and has increased security against eavesdropping. 

Increasing the degree of encryption by varying the encryption, as described in
claim 1, during an existing connection, makes it more difficult for an unauthorized third party
to find out the content of the data stream on the basis of intercepted data by trying out all
known spreading codes, since each individual spreading code, even if it is actually known, is
applied only for a short time, and then in a quasi-random sequence another spreading code
from the established quantity is applied and/or the length of the hop interval from one
spreading code to the next is varied.

The assigned sequence for the application of the different spreading codes is
valid only for a single k-th connection, and is known only to the transmitting and the receiving
device. This sequence is not produced centrally and is not assigned to several connections, so
that the assigned sequence for a particular connection is not known to others. Here, the
sequence is established by the transmitting device and is for example produced by a random
generator or taken from a table stored in a memory. The sequence for the use of the different
spreading codes is preferably of a random nature here.

The hop interval assigned to a k-th connection indicates the validity for a
spreading code, and can be defined as a period, i.e. a time-related period of validity, or as a
number of data packets. The hop interval is established decentrally by the transmitting
device, and is notified to the receiving device. This means that in a network in which several
connections exist simultaneously, with these connections respectively using a set of
spreading codes, these can have content-related overlaps, such that individual connections
could certainly at times use identical spreading codes, but these would be used
simultaneously only temporarily, since after the expiry of the hop interval another spreading
code would be used.
The sequence for the use of the content of a set of spreading codes can
be defined by a permutation function which is constructed as a vector and which states the
respective position of the spreading code that is to be used at that moment. In the first place
of the vector is the position of the first spreading code that is to be used, in the second place
the position of the second spreading code to be used, etc. In all, the permutation function
includes M elements. Once the vector has been run through once, the allocation is started
again at the first position, in the manner of a loop. The positions of the spreading code are
preferably stated by whole numbers.

In the case of the method described in claim 3, after the connection has been
set up the parameters required for the transmission and recovery of the digital data stream are
transmitted by means of an encryption key. Through the communication of the encryption
key, the following steps are triggered:

establishment of a permutation function,

establishment of a set of spreading codes, and/or

establishment of a hop interval,
wherein one, two or all three of the last steps mentioned above can be carried out, and indeed
in any order, since the communication of the encryption key is concluded before the
transmission of the digital data stream begins.

In the case of the method for encrypting a digital data stream described in
claim 4, a first permutation procedure is executed, which contains a loop with the following
steps:

setting of an interval to "1";

waiting for the end of a predefined hop interval;

increasing the interval by the value 1;

carrying out a comparison to see whether the current value of the interval is
greater than the total number of elements of a permutation function which states the positions
of the spreading code of a set of spreading codes that is to be used for encrypting the digital
data stream, wherein alternatively the following takes place:

- if the comparison has a positive result: resetting of the interval to "1";

- if the comparison has a negative result: equating the current spreading code
with the spreading code that stands at the position stipulated by the permutation function.

This method describes the definition or allocation of the spreading code that is 
to be used respectively at a given time. 
With regard to the device for carrying out an encryption procedure, the task of
the invention is fulfilled in that the device has a first code generator that produces the
respectively current spreading code. Here, the production of the respectively current
spreading code can take place contemporaneously during encryption, or can be concluded
before encryption, wherein then the spreading codes to be used during encryption are for
example stored in a table in a ROM or other memory.

With regard to the method for decoding a received digital data stream that was
transmitted encrypted, according to the invention the task is fulfilled through the execution of
a second permutation procedure that contains a loop with the following steps:

setting an interval to "1";

waiting for the end of a predefined hop interval;

increasing the interval by the value 1;

carrying out a comparison to see whether the current value of the interval is
greater than the total number of elements of a permutation function which states the positions
of the spreading code of a set of spreading codes that is to be used for decoding the encrypted
digital data stream, wherein alternatively the following takes place:

- if the comparison has a positive result: resetting of the interval to "1";

- if the comparison has a negative result: equating the current spreading code
with the spreading code that stands at the position stipulated by the permutation function.

The loop described here ensures that the received signal is respectively
decoded with the same code that was used for encryption, and through this the digital data
stream is recovered.

With regard to the device for carrying out a decoding method, according to the
invention the task is solved in that the device has a second code generator that produces the
current spreading code. Here, the current spreading code can be produced contemporaneously
during decoding, or can be produced in advance and stored in a suitable memory. In this case,
a second code generator means that both the transmitting device and the receiving device
have a code generator. The code generator that is used during the k-th connection as the second
code generator, namely as the code generator for the decoding, can also be the first code
generator used for the encryption during another connection.

With regard to the transmission system for a digital data stream that uses
orthogonal codes for the modulation, according to the invention the task is fulfilled in that the
transmission system has a first device in which the digital data stream is mixed with a
spreading code, and has a second device in which the received, encrypted signal and the
spreading code are supplied to a correlator, and the transmission system has means for

carrying out encryption,

carrying out decoding of a digital data stream that was transmitted encrypted.

These means can be a clock generator, a memory (ROM) for storing the
spreading code and the instructions which are communicated with the aid of the encryption
key.

The method according to the invention for encrypting and decoding a digital
data stream can be used in both cordless and line-based networks, wherein the level of the
degree of encryption and thus the level of protection against unauthorized eavesdropping can
be adapted to the respective requirement.

Advantages of the invention are that the degree of encryption is increased
during data transmission, whilst the necessary bandwidth remains unchanged. This advantage
is achieved through the fact that the encryption of the digitized data takes place in the
physical layer (layer 1) of the OSI 7-layer model.

In this connection, the degree of encryption stands for a level of complexity. 

The measures

1) use of a set of different spreading codes,

2) use of a permutation function and/or

3) use of a hop interval that is of different lengths for different connections

can be used individually or in combination. The more measures are realized, the higher the level
of complexity and thus of the degree of encryption. Complexity is further increased by the
use of factors of greater content and thus through greater variety.

The invention is elucidated below only on the basis of examples, wherein 

Fig. 1 shows schematically a CDMA transmitter according to the prior art; 

Fig. 2 shows schematically a CDMA receiver according to the prior art; 

Fig. 3 shows a device for encryption in accordance with the invention, in a 
schematic representation; 

Fig. 4 shows a device for decoding in accordance with the invention, in a 
schematic representation; 

Fig. 5 shows in a schematic representation a flow chart [for] a method in 
accordance with the invention, for encrypting a digital data stream; 
Fig. 6 shows schematically, in a flow chart, a method in accordance with the
invention, for decoding and recovering a digital data stream, and

Fig. 7 contains a table with certain permutation functions. 

With regard to the prior art, Figure 1 shows schematically a transmitter for
transmission with the CDMA method. The digital data stream d^(k) of the k-th connection is
mixed with a spreading code c^(k). The transmission signal s^(k) that is created thus is sent to the
receiving subscriber, either cordlessly or line-based. The spreading code c^(k) is constant for
the duration of the connection. An unauthorized receiver can intercept the transmission signal
s^(k) and store it, and could determine, by trial and error, the single spreading code that was
used.

With regard to the prior art, Figure 2 shows schematically a CDMA receiver,
which adds the coded input signal r^(k) in a correlator to the same spreading code. The one
spreading code c^(k) is notified to the receiver for the k-th connection. If that spreading code c^(k)
is used in the correlation which was also used in the case of encoding, the received signal r^(k)
can be decoded and thus the digital data stream y^(k) can be recovered.

Figure 3 shows, in a schematic representation, a device 1 in accordance with
the invention, for encryption for the CDMA transmission system. The digital data stream d^(k)
is mixed with a dynamic code c^(k)(t) here. A dynamic code generator 2 produces orthogonal
codes of differing content, and controls their use, so that during a connection different
spreading codes are used. With an encryption key that is communicated after the connection
has been set up, amongst other things a quantity G_i of orthogonal codes {g_1^(i), g_2^(i) ... g_H^(i)} is
established. During a connection, one after another at least two codes from the quantity G_i are
used. The designation of the dynamic spreading code c^(k)(t) is intended to mean that during
the connection, the encryption varies, for example through the application of a first code c_1^(k),
a second code c_2^(k) etc. Depending on the duration of the connection or the definition of the
hop interval I_hop of a spreading code, individual codes or all the codes can be used several
times. By changing the spreading code during the transmission, a first degree of encryption is
achieved.

Figure 4 shows, in a schematic representation, a device 3 in accordance with
the invention, for decoding the received signal r^(k) and for recovering the digital data stream
y^(k) in a transmission system. Here, the received signal r^(k) is supplied to a correlator just as
the dynamic code c^(k)(t) is. A dynamic second code generator 4 creates orthogonal codes of
different content and controls their use, so that during a connection different spreading codes
are applied. The application of different spreading codes during a single connection is
intended to be visualized through the illustration (t) and through the adjective "dynamic".

The dynamic code generator 2 for the transmission device 1 and the code
generator 4 for the receiver device can be physically the same ones. For example, a mobile
radio telephone has a part for transmitting and a part for receiving, wherein according to one
embodiment of the invention, both make use of the same dynamic code generator.

In a flow chart, Figure 5 schematically shows a method in accordance with the
invention, for encrypting a digital data stream. Following on from the connection set-up 100,
in step 200 the encryption key is communicated. This triggers the following, in any order:

the establishment of a permutation function S_i 210;

the establishment of a set of spreading codes G_i 220;

the establishment of a hop interval I_hop 230.
The encryption key is created by the transmitting unit and contains the parameters necessary
for decoding the transmitted data signal.

The permutation function S_i = {p_1, p_2 ... p_M} indicates in which order the
individual codes g_1^(i), g_2^(i) ... g_H^(i) of the set G_i are applied. The establishment 210 of the
permutation function that is valid for the current transmission can alternatively take place
through:

a) communication of a vector S_i which includes the concrete permutation
sequence {p_1, p_2 ... p_M}, or

b) communication only of the name of a single permutation function S_i.

Alternative a) enables an unauthorized third party subscriber to eavesdrop the
permutation sequence and thus to obtain an aid for decoding the digital data stream that has
been transmitted. However, this method has the advantage that storage space is saved on both
the transmitter and receiver sides, since the permutation sequence that is valid for the current
communication needs only to be stored in the buffer memory, and can be deleted after the
ending of the transmission.

Alternative b) requires that on both the transmitter and receiver sides, all the
possible permutation functions S_1, S_2 ... S_L (L: whole-number) have to be permanently stored,
so that the permutation function S_i that is valid for the transmission can be called up. The
advantage of this variant is that an unauthorized third party subscriber cannot find out the
sequence of orthogonal codes G_i that lies behind the permutation function S_i that is used,
since it is not communicated, wherein H and P are whole numbers.
A set G_i contains H individual orthogonal codes that are suitable for use in the
CDMA method. Here, each individual one of the H orthogonal codes g is built up as a vector
with P elements.

The step of establishing a set G_i of spreading codes 220 can alternatively take
place either through

c) communication of the concrete individual orthogonal codes in the form of
vectors or

d) communication of the names of the orthogonal codes that are to be used.

The advantages and disadvantages of alternatives c) and d) are, as in the case
of alternatives a) and b) when establishing the permutation function S_i, that communication
of the concrete details reduces security against eavesdropping, and that the saving and calling
up of predefined orthogonal codes takes up memory space on both the transmitter and
receiver sides.

Step 230, for establishing the hop interval I_hop, alternatively means either

e) stipulation of a period T_hop, i.e. of a time-related duration of validity,
or

f) stipulation of a quantity Q of data packets.

After communication of the encryption key, the dynamic encryption 300
begins. The first permutation procedure 400 is as follows: at step 410 the interval n is set to
"1", that orthogonal code from the set G_i is used that stands at the place p_1 of the
permutation function S_i. At step 420, the expiry of the hop interval I_hop is waited for. The
measuring of time for establishing the end of the period, or the counting of the data packets
that have been transmitted, takes place through corresponding devices such as for example a
counter or a flip-flop. When the end of the hop interval I_hop has been reached, in step 430 the
interval n is increased by the value 1. At step 440 the comparison is then carried out to see
whether the current value for the interval n is greater than the total number M of the elements
of the permutation vector. If the comparison yields the answer "yes", the loop starts again
with step 410 and the interval n is set to "1" again. If the result of the comparison is "no", in
step 450 that code is called up as a current code c_n^(k) which stands at the n-th position p_n of
the permutation function S_i, i.e. c_n^(k) = g_{p_n}^(i), and it is used until, in the course of the loop, in
step 420 the end of the hop interval I_hop is reached and subsequently in step 430 the interval n
is increased by the value 1.

Shown schematically in Figure 6, in a flow chart, is a method in accordance
with the invention, for decoding and recovering a digital data stream. The encryption key,
which is communicated in step 600, following on from the connection set-up 500, triggers the
following:

the establishment of a permutation function S_i 610;
the establishment of a set of spreading codes G_i 620;
the establishment of a hop interval I_hop 630.
As already explained for Figure 5,

the establishment 610 of the permutation function that is valid for the current
transmission can alternatively take place through either communication of a vector S_i which
contains the concrete permutation sequence {p_1, p_2 ... p_M}, or through communication
only of the name of an individual permutation function S_i,

the step for establishing a set G_i of spreading codes 620 can take place
alternatively either through communicating the concrete individual orthogonal codes in the
form of vectors or communicating the names of the orthogonal codes that are to be used,
and/or

the step 630 for establishing the hop interval I_hop can alternatively mean the
stipulation of either a period T_hop, i.e. a time-related period of validity, or a quantity Q of data
packets.

After the communication of the encryption key, the dynamic decoding 700
begins. The first permutation procedure 800 is as follows: at step 810 the interval n is set to
"1", that orthogonal code from the set G_i is used which stands at the place p_1 of the
permutation function S_i. At step 820 the expiry of the hop interval I_hop is waited for. The
measuring of time for determining the end of the period, or the counting of data packets that
have been transmitted, is carried out by corresponding devices such as for example a counter
or a flip-flop. Once the end of the hop interval I_hop has been reached, in step 830 the interval
n is increased by the value 1. At step 840 the comparison is then carried out to see whether
the current value for the interval n is greater than the total number M of the elements of the
permutation vector. If the comparison yields the answer "yes", the loop starts again with step
810 and the interval n is set to "1" again. If the result of the comparison is "no", in step 850
that code is called up as the current code c_n^(k) which stands at the n-th position p_n of the
permutation function S_i, i.e. c_n^(k) = g_{p_n}^(i), and this is used until, in the course of the loop, in
step 820 the end of the hop interval I_hop is reached and subsequently in step 830 the interval n
is increased by the value 1.
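
The permutation procedures 400 and 800 described above, as an added Python sketch that is not part of the patent text: both sides run the same code schedule, and a receiver that holds a different permutation function or hop interval correlates to zero wherever its code differs. Assumptions made here: Walsh-Hadamard rows serve as the orthogonal set G_i, the hop interval is a quantity Q of data units with one symbol per data unit, the channel is noiseless with a single connection, and the names and sample values are constructed.

```python
"""Spreading-code hopping per permutation procedures 400/800 (added example)."""


def walsh_codes(order):
    """Return 2**order mutually orthogonal +/-1 codes (Sylvester-Hadamard rows)."""
    rows = [[1]]
    for _ in range(order):
        rows = [r + r for r in rows] + [r + [-c for c in r] for r in rows]
    return rows


def code_schedule(codes, perm, hop_q):
    """Yield the current spreading code for every data unit, forever.

    codes: set G_i of H orthogonal codes
    perm:  permutation function S_i, 1-based positions p_1..p_M into codes
    hop_q: hop interval I_hop given as a quantity Q of data units
    """
    n = 1                                    # step 410 / 810
    while True:
        current = codes[perm[n - 1] - 1]     # step 450 / 850: c_n = g_{p_n}
        for _ in range(hop_q):               # step 420 / 820: wait out the hop interval
            yield current
        n += 1                               # step 430 / 830
        if n > len(perm):                    # step 440 / 840: wrap to the first position
            n = 1


def encrypt(symbols, codes, perm, hop_q):
    """Mix each +/-1 symbol with the code valid in its hop interval."""
    chips = []
    for d, code in zip(symbols, code_schedule(codes, perm, hop_q)):
        chips.extend(d * c for c in code)
    return chips


def decode(chips, codes, perm, hop_q):
    """Correlate each P-chip block with the receiver's current code.

    Returns +1 or -1 per symbol, or 0 where the correlation vanishes because
    the receiver's code is orthogonal to the one the transmitter used.
    """
    p_len = len(codes[0])
    blocks = (chips[i:i + p_len] for i in range(0, len(chips), p_len))
    out = []
    for block, code in zip(blocks, code_schedule(codes, perm, hop_q)):
        corr = sum(r * c for r, c in zip(block, code))
        out.append((corr > 0) - (corr < 0))
    return out


# Constructed sample parameters, as they would be fixed by the encryption key.
CODES = walsh_codes(3)                        # H = 8 codes, each of length P = 8
PERM = [2, 8, 5, 3]                           # S_i with M = 4
HOP_Q = 2                                     # Q = 2 data units per code
DATA = [1, -1, -1, 1, 1, 1, -1, 1, -1, -1]    # constructed data stream


def run_demo():
    """Return what three receivers recover from the same transmitted signal."""
    tx = encrypt(DATA, CODES, PERM, HOP_Q)
    synced = decode(tx, CODES, PERM, HOP_Q)       # same S_i and I_hop
    fixed_code = decode(tx, CODES, [2], HOP_Q)    # prior-art style: one constant code
    wrong_hop = decode(tx, CODES, PERM, 3)        # right S_i, wrong hop interval
    return synced, fixed_code, wrong_hop


if __name__ == "__main__":
    for label, result in zip(("synced", "fixed code", "wrong hop"), run_demo()):
        print(f"{label:10s} {result}")
```
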

Figure 7 contains a table with examples for particular permutation functions S_i
= {p_1, p_2 ... p_M} and the code c_i that follows from that. Here, p_1, p_2 ... p_M are any
whole numbers 1, 2 ... H. If a particular permutation function is e.g.: s = {2, H}, this means
that p_1 = 2 and p_2 = H, and in encryption first of all the spreading code g_2 and
subsequently the spreading code g_H is applied. If the connection has not yet ended then,
encryption is continued in the manner of a loop, with p_1, i.e. g_2, and then with p_2, i.e. g_H.



